Vulnerability Disclosure Policy

Last updated: 2025-01-01

1. Introduction

At iyzitrace, we take security seriously. We welcome responsible disclosure of security vulnerabilities that could impact our platform, infrastructure or customers.

2. Scope

In-scope assets include:

  • iyzitrace web application and dashboards.
  • APIs and authentication flows.
  • Publicly exposed services operated by iyzitrace.

Out-of-scope items include:

  • Social engineering attacks.
  • Physical security or office locations.
  • Third-party services not under our direct control.

3. Responsible Research Guidelines

Please follow these guidelines:

  • Do not exploit a vulnerability beyond what is necessary to prove its existence.
  • Do not access, modify or delete customer data.
  • Do not impact service availability or user experience.
  • Allow us reasonable time to investigate and remediate before public disclosure.

4. Reporting

Please send your findings to [email protected] with:

  • Detailed description of the vulnerability.
  • Steps to reproduce (PoC code or screenshots).
  • Potential impact and affected components.
  • Your contact details for follow-up.

5. Safe Harbor

If you comply with this policy while investigating and reporting a vulnerability, we will not pursue legal action against you for your research activities.

6. Recognition and Rewards

We currently do not operate a public bug bounty program. However, we may offer thanks, recognition or other forms of appreciation for high-impact, clearly documented reports.

7. Contact

For any security-related questions, please reach out to [email protected].